|Publication number||US7336785 B1|
|Application number||US 09/461,984|
|Publication date||Feb 26, 2008|
|Filing date||Dec 15, 1999|
|Priority date||Jul 9, 1999|
|Also published as||EP1110399A1, WO2001005150A1|
|Publication number||09461984, 461984, US 7336785 B1, US 7336785B1, US-B1-7336785, US7336785 B1, US7336785B1|
|Inventors||Jin Lu, Martin Freeman|
|Original Assignee||Koninklijke Philips Electronics N.V.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (10), Non-Patent Citations (5), Referenced by (54), Classifications (30), Legal Events (4)|
|External Links: USPTO, USPTO Assignment, Espacenet|
The priority of U.S. Provisional Application No. 60/143,501, filed Jul. 9, 1999 is claimed.
This invention relates to a communication system and, more particularly, to a copy protection system for information transmitted between a deployment module, such as a point of deployment (POD) module, and a host device, such as a set-top box.
Digital video and audio consumer electronics/devices are used by consumers to receive and conduct numerous services and transactions, for example, to receive video, audio and data streams from a (cable television) service provider, such as Emergency Alerting, Interactive Program Guides, Impulse Pay-Per-View (IPPV), Video On Demand (VOD), General Messaging, and Interactive Services.
In particular, one such device is a point of deployment (POD) module. A POD module is a removable card inserted into a host device, such as a set-top box. As is well known in the art, a POD module provides several functions including security that is physically separate from a set-top box's navigation function and processing out-of-band cable signals. For additional details on POD modules, see SOCIETY OF CABLE TELECOMMUNICATIONS ENGINEERS, INC. (SCTE) Document: SCTE DVS 131 Rev. 7, entitled “Draft Point-of-Deployment (POD) Module Interface Proposal” dated Dec. 3, 1998, (hereinafter known as “DVS131r7”).
Consumers rely on such devices to communicate, access programs and services or engage in commercial transactions in which privacy and/or security is desired and, in many cases, expected. In this regard, the POD module also decrypts content information encrypted by service providers. It may be part of a so-called “conditional access” (CA) system that spans the head-end of a service provider network and the POD module itself.
To receive information from a particular service provider, a POD module that contains an algorithm related to a particular proprietary CA system, which is associated with a particular service provider, must be inserted to a host device. After content information is selected by the host device/viewer and received in the POD module from a service provider, it is decrypted in the POD module. The (decrypted) content information is again encrypted in the POD module with a new set of keys to protect it when transmitted across the POD/host interface.
The content information is transmitted in a so-called transport stream, which contains several elementary streams. An elementary stream may contain a video feed, a sound track or a data file. Copy protection is provided on the basis of elementary streams.
For every copy protected elementary stream, there is an associated Copy Control Information (CCI). It is used by the host device to decide (1) how many copies (e.g. one copy, zero copies) of the elementary stream can be made; (2) what copy formats are allowed (e.g. analog formats including composite and component and digital formats); and (3) other copy protection related activities. The CCI is passed from the POD module to the host device to indicate how the corresponding elementary stream of the content should be treated. To prevent an “intruder” from tampering with the CCI, it must be protected when transmitted to the host device.
Standard cryptographic methods exist for the general encryption/decryption within such a system, however, these methods each have significant limitations. In one such method a proprietary CA system, as well as its associated algorithms for encryption/decryption, is used. Instead of transmitting every CCI associated with an elementary stream in the content, this method transmits the most restrictive CCI to the host.
Although, the CCI is not encrypted when transmitted between the POD module and the host device, it is afforded some degree of protection. The CCI is typically embedded in shared keys that are used to encrypt the content information at the POD module and decrypt the content information when received by the host device.
One problem with this approach is that if the content contains multiple elementary streams, each elementary stream may have a different CCI. Since the host device uses the most restrictive CCI for its copy protection processing, content information may be prevented from being properly copied. For example, if there are two elementary streams, and the CCI associated with the first one indicates “copy once”, while the CCI associated with the second one indicates “never copy”, then neither of the elementary streams can be copied. This prevents a stream from being legally copied when another (possibly unrelated) stream has a more restrictive CCI.
Thus, there is a clear and present need for an effective means to provide copy protection that utilizes encryption, while still providing consumers with the information desired in a less restrictive manner. In particular, copy protection of information between a POD module and a set-top box.
The problems associated with copy protection of information, such as content information from a service provider, transmitted between a deployment module, such as a POD module, and a host device, such as a set-top box, are reduced or overcome by an arrangement in accordance with the principles of the present invention in which at least one control information pair is associated with the transmitted copy protected information, for example, one control information pair for each elementary stream relating to selected content information (e.g. a program from a cable service provider).
Specifically, the control information pair includes, in addition to copy control information (CCI), a stream identifier. The stream identifier uniquely identifies the transmitted copy protected information (or portion thereof e.g. an elementary stream).
In particular, it is an object of the present invention to eliminate the use of the most restrictive copy control information (CCI), when for example multiple content information or elementary streams are received by a deployment module.
In one illustrative embodiment, a Packet Identifier (PID) associated with each elementary stream of the transmitted copy protected information is used as the stream identifier for the respective elementary stream. A PID indicates the type of data stored in the packet payload. Preferably, the stream identifier is incorporated with the Packetized Elementary Stream (PES) header of the elementary stream. Since the PES header for copy protected information is encrypted during transmission between the deployment module and host device, the stream-identifier is in turn protected.
To help prevent hackers or intruders from illegally manipulating the copy protected information, the control information pair(s) is incorporated into shared (session) keys, which are generated respectively, on both the deployment module and the host device. Accordingly, if the control information pair(s) is tampered with, then the respective shared key(s) in the host and deployment module will not match. As a result, the host device will not be able to correctly decrypt the copy protected information encrypted by the deployment module with its shared key(s), thereby thwarting an intruder's attempt at illegally manipulating the copy protected information.
The invention will be more readily understood after reading the following detailed description taken in conjunction with the accompanying drawing, in which:
Deployment module 12 includes a host interface 16 and a processor 18. Host interface 16 is used to communicate with host device 10 via medium 14. Host interface 16 may be any conventional system for allowing the transmission of information between the host device and the deployment module. For example, medium 14 may include a standardized bi-directional access to Out-Of-Band RF and in-band MPEG-2 Transport Stream input and output device.
The majority of logic, control, supervisory, translation functions required for the operation of deployment module 12 is performed by processor 18 which also includes programs for the operations functionally described in
Although deployment module 12 is described as a POD module, this arrangement is merely for convenience and it is to be understood that deployment modules are not limited to POD modules, per se. As used herein, the term “deployment module” refers to any type of (1) point of deployment module, (2) wireless, cellular or radio data interface appliance, (3) smartcard (4) personal computer, and (5) internet interface appliance, which facilitates the transfer of data, access remote services or engage in transactions and in which privacy and/or security is desired.
Host 10 communicates with deployment module 12 through communication medium 14. Host 10 includes a deployment module interface 24, which is arranged to operate with host interface 16, a server provider interface 20 and a processor 22.
Similar to the deployment module, the majority of logic, control, supervisory, translation functions required for the operation of host 10 are performed by processor 22 which also includes programs for the operations functionally described in
The principles of the present invention are particularly useful for the copy protection of information or data transmitted between a POD module and a host device in a service provider communications network, such as a cable television network. However, it is to be understood that the steps described below in
With simultaneous reference to
In step 206, when particular (content) information is selected, the host device notifies the deployment module via a request message. The particular information is selected, for example, by a user selecting a channel on cable television network. By looking at the electronic program guide (EPG), the host device determines which video, audio and/or data streams are contained in the selected information, for example, channel or programs. The request message also contains the PIDs of the elementary streams associated with the selected information.
In step 208, the deployment module, after receiving the selected PIDs from the request message, prepares to decrypt the elementary streams identified by the PIDs and then re-encrypt them for copy protection. Preparing the elementary stream decryption involves deriving session keys from a conditional access (CA) system, so that the deployment module can decrypt the selected information from the service provider. After this preparation is complete, in step 210, a reply message is sent from the deployment module to the host device to indicate that the deployment module is ready to decrypt the associated streams from the service provider. Included in the reply message is at least one control information pair associated with the selected information, and each pair having a stream identifier and a CCI.
Thereafter, in step 212, shared keys are calculated by the deployment module and host device, incorporating the control information pair(s), unlike the prior art that used only a CCI. The shared keys are a pair of keys (for example even and odd keys) shared by both the deployment module and the host device. Both the deployment module and the host device use the shared keys, respectively, to encrypt and decrypt information crossing the deployment module/host device interface. For the shared key calculation any of a number of methods can be used, see for example, Cable Television Laboratories specification entitled “OpenCablem™ POD Copy Protection System DRAFT REV 991008” Document: IS-POD-CP-WD02-991027, published on Oct. 27, 1999, (hereinafter “IS-POD-CP”), which is incorporated by reference herein. As is well known by persons skilled in the art, the shared key pair is a function of a number of factors, including random numbers, public keys exchanged between the deployment module and host device, and the Host ID.
Illustratively, the host device computes an ODD/EVEN key pair using a conventional hash function, for example, SHA-1 Secure Hash Algorithm (for further details on the SHA-1 hash function, see IS-POD-CP), where the control information pair(s) is represented by “streamer identifier-cci”:
ODDHost=SHA-1[N Host|streamer_identifier-cci|K s |K cpss]lsb56
EVENHost=SHA-1[N Host|streamer_identifier-cci|K s |K cpss]msb56
The deployment module's CA module computes an ODD/EVEN key pair using the SHA-1 has function:
where NHost and Nmodule are two random numbers generated on the host device and deployment module respectively, Ks and Kcpss are two generated keys, lsb56 refers to the least significant 56 bits and msb56 refers to the most significant 56 bits, and streamer identifier-cci is calculated as follows,
streamer identifier-cci=SHA-1[stream identifier1|CCI1| . . . |stream identifiern|CCIn]
where the stream identifieri and CCI1 are the control information pair for elementary stream i.
In a preferred embodiment the stream identifier uniquely identifies an elementary stream and is inserted into the PES header associated with the elementary stream at the time a PID is assigned to the elementary stream. Preferably, this takes place in the head-end of the service provider network at the time a transport stream is generated from elementary streams. In particular, a 7-bit field in the PES header called “additional copy info” is available for copy protection, see International Telecommunication Union (ITU-T) Recommendation H.222.0/ISO/IEC 13818-1 (1996-04), entitled “Information Technology—Generic Coding of Moving Pictures and Associated Audio Information: Systems,” which is incorporated by reference herein. The additional copy info field is used to store the stream identifier. A 7-bit number can support up to 128 different stream identifiers, which is typically enough for the number of copy protected elementary streams in one transport stream. After the host device has decrypted the encrypted PES, the stream identifier is retrieved.
After the deployment module finishes its calculation of the shared session key(s), it sends a synchronization message to the host device to indicate that it is ready to send the encrypted information to the host device, represented by step 214.
After the host device finishes its calculation of the shared session key(s), it synchronizes with the deployment module, and the deployment module transmits the encrypted information, represented by step 216.
The host device then begins to decrypt the encrypted information (e.g. the selected copy protected content information that has been encrypted with the shared key(s)). Accordingly, host device 10 is allowed to complete a transaction or receive the selected services. For example, the host device changes to a selected program channel of a cable service provider. However, if the shared key(s) do not match (for example, due to an attempt to tamper with the control information pairs), the decryption of the copy protected content fails, for example, viewers will only receive scrambled information, such as scrambled pictures. These steps are represented by steps 218-222. Thereafter, the user can select new information by returning to step 206.
Advantageously, even if an interloper intercepts a transmission between the host device and deployment module, he or she can not directly detect the stream identifier, since it is encrypted in the PES header. Thus, even if a CCI is detected, an interloper can not tamper with the selected information, for example, swap the PID fields associated with two streams. The possibility of such remapping is substantially reduced, since the stream identifiers are bound to their associated elementary streams and this binding is protected by encryption.
Finally, it is to be understood that although the invention is disclosed herein in the context of particular illustrative embodiments, those skilled in the art will be able to devise numerous alternative arrangements. Such alternative arrangements, although not explicitly shown or described herein, embody the principles of the present invention and are thus within its spirit and scope.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US5799081 *||Oct 27, 1995||Aug 25, 1998||Lg Electronics Inc.||Illegal view/copy protection method and apparatus for digital broadcasting system|
|US5987126 *||Mar 13, 1998||Nov 16, 1999||Kabushiki Kaisha Toshiba||Device having a digital interface and a network system using such a device and a copy protection method|
|US6055314 *||Mar 22, 1996||Apr 25, 2000||Microsoft Corporation||System and method for secure purchase and delivery of video content programs|
|US6550008 *||Feb 26, 1999||Apr 15, 2003||Intel Corporation||Protection of information transmitted over communications channels|
|US6571055 *||Nov 24, 1999||May 27, 2003||Pioneer Corporation||Compressed audio information recording medium, compressed audio information recording apparatus and compressed audio information reproducing apparatus|
|EP0763936A2||Sep 6, 1996||Mar 19, 1997||Lg Electronics Inc.||Illegal view/copy protection method and apparatus for digital broadcasting system|
|EP0924930A2||Nov 30, 1998||Jun 23, 1999||Hitachi, Ltd.||A digital information recording apparatus with copyright protection|
|JPH1186437A||Title not available|
|JPH11176087A||Title not available|
|WO1998056179A1 *||Jun 5, 1998||Dec 10, 1998||Thomson Consumer Electronics, Inc.||Conditional access system for set-top boxes|
|1||*||CED-Communications Engineering & Design, "OpenCable closing in on a standard"; Nov. 1998; http://www.cedmagazine.com/ced/9811/9811a.htm.|
|2||*||ITU-T, "Transmission Technology-Generic Coding of Moving Pictures and Associated Audio Information: Systems"; ITU-T Recommendation H.222.0 (Jul. 1995).|
|3||*||Lafferty, M., OpenCable closing in on a standard, Nov. 1998, http://www.cedmagazine.com/ced/9811/9811a.htm.|
|4||*||OpenCable POD Copy Protection System; IS-POD-CP-WD02-991027 (Rev 991008).|
|5||*||SCTE, Society of Cable Telecommunications Engineers, Inc., Digital Video Subcommittee, SCTE DVS 131 Rev. 7, Date of Original Issue: Feb. 6, 1998.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US7602912||Sep 25, 2007||Oct 13, 2009||Sony Corporation||Content selection for partial encryption|
|US7639804||Mar 5, 2007||Dec 29, 2009||Sony Corporation||Receiver device for star pattern partial encryption|
|US7688978||Feb 20, 2007||Mar 30, 2010||Sony Corporation||Scene change detection|
|US7751560||Jun 26, 2006||Jul 6, 2010||Sony Corporation||Time division partial encryption|
|US7751561||Dec 12, 2007||Jul 6, 2010||Sony Corporation||Partial encryption|
|US7751563||Sep 25, 2006||Jul 6, 2010||Sony Corporation||Slice mask and moat pattern partial encryption|
|US7751564||Mar 5, 2007||Jul 6, 2010||Sony Corporation||Star pattern partial encryption method|
|US7760879||Nov 8, 2007||Jul 20, 2010||Sony Corporation||Multiple partial encryption|
|US7765567||Dec 13, 2002||Jul 27, 2010||Sony Corporation||Content replacement by PID mapping|
|US7773750||Apr 30, 2007||Aug 10, 2010||Sony Corporation||System and method for partially encrypted multimedia stream|
|US7792294||Feb 20, 2007||Sep 7, 2010||Sony Corporation||Selective encryption encoding|
|US7823174||Apr 13, 2004||Oct 26, 2010||Sony Corporation||Macro-block based content replacement by PID mapping|
|US7823213 *||Oct 24, 2006||Oct 26, 2010||Panasonic Corporation||Recording apparatus, reproduction apparatus, data processing apparatus, recording and reproduction apparatus and data transmission apparatus and corresponding methods|
|US7853980||Jan 23, 2004||Dec 14, 2010||Sony Corporation||Bi-directional indices for trick mode video-on-demand|
|US7895616||Feb 27, 2002||Feb 22, 2011||Sony Corporation||Reconstitution of program streams split across multiple packet identifiers|
|US7895617||Jan 31, 2006||Feb 22, 2011||Sony Corporation||Content substitution editor|
|US7912220 *||Sep 16, 2004||Mar 22, 2011||Broadcom Corporation||Packetization of non-MPEG stream data in systems using advanced multi-stream POD interface|
|US8027469||Feb 8, 2008||Sep 27, 2011||Sony Corporation||Video slice and active region based multiple partial encryption|
|US8027470||Feb 8, 2008||Sep 27, 2011||Sony Corporation||Video slice and active region based multiple partial encryption|
|US8041190||Dec 1, 2005||Oct 18, 2011||Sony Corporation||System and method for the creation, synchronization and delivery of alternate content|
|US8051443||Apr 14, 2008||Nov 1, 2011||Sony Corporation||Content replacement by PID mapping|
|US8068610 *||Nov 20, 2002||Nov 29, 2011||General Instrument Corporation||Method and system for providing security within multiple set-top boxes assigned for a single customer|
|US8185921||Feb 28, 2006||May 22, 2012||Sony Corporation||Parental control of displayed content using closed captioning|
|US8243921||Aug 9, 2007||Aug 14, 2012||Sony Corporation||Decryption system|
|US8265277||Nov 5, 2007||Sep 11, 2012||Sony Corporation||Content scrambling with minimal impact on legacy devices|
|US8572667 *||Sep 18, 2008||Oct 29, 2013||Lg Electronics Inc.||Host device interfacing with a point of deployment (POD) and a method of processing digital video recorder (DVR) status information|
|US8818896||Apr 1, 2005||Aug 26, 2014||Sony Corporation||Selective encryption with coverage encryption|
|US20020194613 *||Feb 27, 2002||Dec 19, 2002||Unger Robert Allan||Reconstitution of program streams split across multiple program identifiers|
|US20030097563 *||Nov 20, 2002||May 22, 2003||Paul Moroney||Method and system for providing security within multiple set-top boxes assigned for a single customer|
|US20030174837 *||Dec 13, 2002||Sep 18, 2003||Candelore Brant L.||Content replacement by PID mapping|
|US20050028193 *||Apr 13, 2004||Feb 3, 2005||Candelore Brant L.||Macro-block based content replacement by PID mapping|
|US20050094809 *||Mar 16, 2004||May 5, 2005||Pedlow Leo M.Jr.||Preparation of content for multiple conditional access methods in video on demand|
|US20050097614 *||Jan 23, 2004||May 5, 2005||Pedlow Leo M.Jr.||Bi-directional indices for trick mode video-on-demand|
|US20050102702 *||Feb 9, 2004||May 12, 2005||Candelore Brant L.||Cablecard with content manipulation|
|US20050169473 *||Oct 13, 2004||Aug 4, 2005||Candelore Brant L.||Multiple selective encryption with DRM|
|US20050177845 *||Sep 16, 2004||Aug 11, 2005||Kevin Patariu||Packetization of non-MPEG stream data in systems using advanced multi-stream POD interface|
|US20050192904 *||Apr 1, 2005||Sep 1, 2005||Candelore Brant L.||Selective encryption with coverage encryption|
|US20060143460 *||Oct 14, 2005||Jun 29, 2006||Kabushiki Kaisha Toshiba||Household terminal device and method and program for updating it|
|US20060262926 *||Jun 26, 2006||Nov 23, 2006||Candelore Brant L||Time division partial encryption|
|US20070092077 *||Oct 24, 2006||Apr 26, 2007||Matsushita Electric Industrial Co., Ltd.||Recording apparatus, reproduction apparatus, data processing apparatus, recording and reproduction apparatus and data transmission apparatus and corresponding methods|
|US20070160210 *||Mar 5, 2007||Jul 12, 2007||Candelore Brant L||Star pattern partial encryption method|
|US20070189710 *||Jan 31, 2006||Aug 16, 2007||Pedlow Leo M Jr||Content substitution editor|
|US20070208668 *||Mar 1, 2006||Sep 6, 2007||Candelore Brant L||Multiple DRM management|
|US20070269046 *||Mar 5, 2007||Nov 22, 2007||Candelore Brant L||Receiver device for star pattern partial encryption|
|US20080085000 *||Sep 25, 2007||Apr 10, 2008||Candelore Brant L||Content selection for partial encryption|
|US20080095364 *||Dec 12, 2007||Apr 24, 2008||Candelore Brant L||Partial encryption|
|US20080123845 *||Jan 25, 2008||May 29, 2008||Candelore Brant L||Multiple selective encryption with DRM|
|US20080137847 *||Feb 8, 2008||Jun 12, 2008||Candelore Brant L||Video slice and active region based multiple partial encryption|
|US20080159531 *||Feb 8, 2008||Jul 3, 2008||Candelore Brant L||Video slice and active region based multiple partial encryption|
|US20080267400 *||Nov 8, 2007||Oct 30, 2008||Robert Allan Unger||Multiple partial encryption|
|US20090080867 *||Sep 18, 2008||Mar 26, 2009||Lg Electeonics Inc.||Host device interfacing with a point of deployment (POD) and a method of processing digital video recorder (DVR) status information|
|US20090150923 *||Sep 16, 2004||Jun 11, 2009||Kevin Patariu||Packetization of non-MPEG stream data in systems using advanced multi-stream POD interface|
|US20100027550 *||Apr 14, 2008||Feb 4, 2010||Candelore Brant L||Content replacement by PID mapping|
|US20100322596 *||Jan 31, 2006||Dec 23, 2010||Pedlow Leo M||Content substitution editor|
|U.S. Classification||380/201, 348/E07.061, 386/E05.004|
|International Classification||H04N7/16, H04L9/14, H04N5/913, H04L9/08, G06F21/24, H04N5/91, G06F12/14, H04N5/92|
|Cooperative Classification||H04L9/065, H04L2209/605, H04L2209/80, H04N7/163, H04N21/2541, H04N21/4181, H04N21/4627, H04N5/913, H04N2005/91321, H04N21/8355, H04N2005/91328, H04N2005/91364|
|European Classification||H04L9/18, H04N21/418C, H04N21/4627, H04N21/8355, H04N21/254R, H04N5/913, H04N7/16E2|
|Dec 15, 1999||AS||Assignment|
Owner name: PHILIPS ELECTRONICS NORTH AMERICA CORPORATION, NEW
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LU, JIN;FREEMAN, MARTIN;REEL/FRAME:010450/0362
Effective date: 19991210
|Dec 27, 2007||AS||Assignment|
Owner name: KONINKLIJKE PHILIPS ELECTRONICS N.V., NETHERLANDS
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PHILIPS ELECTRONICS NORTH AMERICA CORPORATION;REEL/FRAME:020292/0374
Effective date: 20071227
|Aug 19, 2011||FPAY||Fee payment|
Year of fee payment: 4
|Aug 21, 2015||FPAY||Fee payment|
Year of fee payment: 8